/mandos/trunk : revision 971

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to NEWS

Committer: Teddy Hogeborn
Date: 2019-02-10 08:41:14 UTC
Revision ID: teddy@recompile.se-20190210084114-u91mijrxtifvzra5

Bug fix: Only create TLS key with certtool, and read correct key file

* debian/mandos-client.postinst (create_keys): Remove any bad keys
                                               created by 1.8.0-1.
                                               Only create TLS keys if
                                               certtool succeeds.
* debian/mandos.postinst (configure): Remove any bad keys from
                                      clients.conf, and inform the
                                      user if any were found.
* debian/mandos.templates (mandos/removed_bad_key_ids): New message.
* mandos (MandosServer.handle_ipc): Do not trust a key_id with a known
                                    bad key ID.
* mandos-keygen (keygen): Only create TLS keys if certtool succeeds.
  (password): Bug fix: Generate key_id correctly, and only output
              key_id if TLS key exists.

files removed:
debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf-hook

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/rules

debian/watch

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

NEWS

This NEWS file records noteworthy changes, very tersely.

See the manual for detailed information.

Version 1.8.14 (2021-02-03)

* Client

** Create /dev/fd symlink (if necessary) in plugin-runner(8mandos) and

mandos-client(8mandos) (Workaround for Debian bug #981302)

Version 1.8.13 (2020-11-30)

* Client

** Fix unreliable test in password-agent(8mandos).

Version 1.8.12 (2020-07-04)

* Client

** Fix compatibility with the GNU C Library version 2.31.

** In initramfs-tools boots, only use setsid(1) when available.

Version 1.8.11 (2020-04-08)

* Client

** Fix file descriptor leak when adding or removing local routes to

unreachable hosts on the local network.

Version 1.8.10 (2020-03-21)

* Server

** Fix bug when setting a client's D-Bus "Secret" property

** Start client checkers after a random delay

** When using systemd, allow easier modification of server options

** Better log messages in mandos-monitor

* Client

** When using dracut & systemd, allow easier modification of options

Version 1.8.9 (2019-09-03)

* No user-visible changes

Version 1.8.8 (2019-08-18)

* No user-visible changes

Version 1.8.7 (2019-08-05)

* Client:

** Always compile with LFS (Large File Support) enabled.

* Server

** Improve intro(8mandos) manual page to cover dracut(8) support.

Version 1.8.6 (2019-08-03)

* Client:

** dracut support: In password-agent, properly ignore deleted and

renamed question files, and also fix memory alignment issue.

Version 1.8.5 (2019-07-30)

* Client

** Support dracut(8) as well as initramfs-tools(7).

** Minor bug fix: Allow the mandos-keygen --passfile option to use

passfiles with names starting with "-".

** Document known limitation of mandos-keygen --password; it strips

white space from start and end of the password.

* Server

** Bug fix: The server used to fail to restart if the "port" setting

was used. This has been fixed.

** Minor bug fix: Reap zombies left over from checker runs. (Debian

bug #933387)

Version 1.8.4 (2019-04-09)

* Client

** Fix minor memory leak in plugin-runner.

* Server

** mandos-ctl now has a --debug option to show D-Bus calls.

Version 1.8.3 (2019-02-11)

* No user-visible changes.

Version 1.8.2 (2019-02-10)

* Client

** In mandos-keygen, ignore failures to remove files in some cases.

Version 1.8.1 (2019-02-10)

* Client

** Only generate TLS keys using GnuTLS' certtool, of sufficient

version. Key generation of TLS keys will not happen until a

version of GnuTLS is installed with support for raw public keys.

** Remove any bad keys created by 1.8.0 and openssl.

* Server

** On installation, edit clients.conf and remove the same bad key ID

which was erroneously reported by all 1.8.0 clients. Also do not

trust this key ID in the server.

Version 1.8.0 (2019-02-10)

* Client

** Use new TLS keys for server communication and identification.

Older »